Security is our top priority

Our customer-focused culture ensures that security is a top priority. We are open and transparent with our security program so you can feel safe using our cloud and server products. Hindsight operates an Information Security Management System (ISMS) based on ISO27001 and uses ISO27002 and CSA Cloud Controls Matrix v3.0 as a source of controls. Hindsight isn't certified under ISO27001 but is certified under the Cyber Essentials scheme. View the certificate

Cloud security statement

Our Cloud security statement details many of the questions that we receive from customers about how we run and secure our cloud services. Read the statement

Report a vulnerability

We love hearing about ways we can improve the security of our products. Our commitment to delivering secure software for our customers is aided by the security community.

If you have found a security vulnerability, please disclose it to us by emailing the details to security@hindsightsoftware.com. If the vulnerability is new to us, we will reward you with some free Behave Pro swag. Hindsight makes all vulnerability bug reports a priority and will respond within 24 hours or less.

Security bug fix policy

In the event of a vulnerability, we will assess the severity and if necessary notify any customers that may be affected within 24 hours.

Hindsight aims to meet the following guidelines for deploying security issue fixes and they are categorised into the 4 severity levels, which usually have some of the following characteristics:

Critical

CVSS v2 score >= 8, CVSS v3 score >= 9

Exploitation results in compromise of servers or infrastructure

Data required to exploit the vulnerability is widely available

Exploitation doesn't require any special credentials or knowledge

Hindsight aims to resolve this vulnerability level within 24 hours or as soon as possible.